
RA-5 Vulnerability Monitoring and Scanning

Control Description

a. Monitor and scan for vulnerabilities in the system and hosted applications [Assignment: organization-defined frequency and/or randomly in accordance with organization-defined process] and when new vulnerabilities potentially affecting the system are identified and reported;

b. Employ vulnerability monitoring tools and techniques that facilitate interoperability among tools and automate parts of the vulnerability management process by using standards for:

   1. Enumerating platforms, software flaws, and improper configurations;

   2. Formatting checklists and test procedures; and

   3. Measuring vulnerability impact;

c. Analyze vulnerability scan reports and results from vulnerability monitoring;

d. Remediate legitimate vulnerabilities [Assignment: organization-defined response times] in accordance with an organizational assessment of risk;

e. Share information obtained from the vulnerability monitoring process and control assessments with [Assignment: organization-defined personnel or roles] to help eliminate similar vulnerabilities in other systems; and

f. Employ vulnerability monitoring tools that include the capability to readily update the vulnerabilities to be scanned.

Related Controls
